الاثنين، 3 أغسطس 2015

Homeland Official Asks Black Hat Crowd to Build Trust

A top Obama administration official says the government and the data security community need to focus on building trust so information about cyber threats can be shared between them for the greater good.

Alejandro Mayorkas, deputy secretary of the Department of Homeland Security, says he recognizes that a trust deficit exists between the government and those who deal with data security, but says that needs to change.

"The best way to address the trust deficit is to build trust," Mayorkas said during his address Thursday at the final day of the annual Black Hat hacker conference in Las Vegas. "That's probably not an overnight process. It's probably an incremental process, but let's take the steps we need to."

But several people in the crowd of hackers and information security professionals expressed concern that any information about cyber threats shared with the government could be used against them.

The federal government also has come under fire in recent months for its own failures in cybersecurity.

Last month, Katherine Archuleta, director of the federal Office of Personnel Management, resigned in the wake of a government data breach that is believed to be the biggest in U.S. history.

Hackers downloaded Social Security numbers, health histories or other highly sensitive data from OPM's databases, affecting more than five times the 4.2 million people the government first disclosed this year. Since then, the administration acknowledged a second, related breach of systems housing private data that individuals submit during background investigations to obtain security clearances.

Among the data the hackers stole: criminal, financial, health, employment and residency histories, as well as information about families and acquaintances. The second, larger attack affected more than 19 million people who applied for clearances, as well as nearly 2 million of their spouses, housemates and others.

Mayorkas acknowledged that the cybersecurity of some government agencies is more advanced than others, but added that the White House has recently taken drastic steps to heighten overall governmental cybersecurity. Meanwhile, it's also involved in ongoing efforts to invest in research and development in the area.

Later on Thursday, hackers Runa Sandvik and Michael Auger spoke about how they managed to hack a Wi-Fi-enabled rifle. While they could not fire the rifle remotely, they were able to change its target by taking control of its scope.

"At the end of the day, it's just an armed computer running on Linux," Auger said at a press conference ahead of the presentation.

Auger said he thinks the odds of someone hacking and taking control of that specific rifle, of which only about 1,000 are on the market, are very remote.

It took the husband and wife team about a year working on and off to successfully hack the rifle's scope. And Auger added that very few people who own the rifle actually use it's Wi-Fi capabilities, which would need to already be turned on in order for the rifle to be hacked.

Additional panels detailed how bug bounties work, data security dangers for cities and the pros and cons of biometric identifiers.